Little Red Door: Small Indiana Nonprofit Falls Victim To Ransom Cyberattack

A small Indiana nonprofit was devastated by a malware attack earlier this year. It's still recovering after hackers stole data.

Patient advocate Diana Rinker was diagnosed with breast cancer just before the hack. She's spent months re-entering client data into Little Red Door's system between rounds of chemotherapy. Annie Ropeik/Indiana Public Broadcasting

Everything was missing. Client files, financial data — all gone one Wednesday morning from the servers of Cancer Services of East Central Indiana — Little Red Door.

The small, Muncie-based nonprofit had been hit by a cyberattack like those that locked computers around the world last week.

The organization was hacked in January and, months later, is still recovering.

Executive Director Aimee Robertson-Fant says the group couldn't figure out what happened to its data when it went missing from the server.

What hackers did was "diabolical"

Adding to the confusion, she says, her staff started getting strange text messages "saying that 'they were going to be our new best friends' and that 'they were going to help us.' "

Next came the email with the subject line "Cancer Sucks, But We Suck More!"

"It was diabolical. It was cruel," Fant says. "They were brutal."

Hackers accessed the nonprofit's server after a staffer inadvertently downloaded malware from an email. The hackers wanted 50 bitcoin, or what was then about $43,000, to return the data and keep it private.

"I hate to use the word traumatic, but it was," Fant says. "You just don't understand what's happening, you just — it's sort of an out of body experience, where we just couldn't figure out why someone would be doing this to us."

Aimee Robertson-Fant went to work for Little Red Door after her mother used its services during her own battle with cancer. She calls the hack "traumatic." Annie Ropeik/Indiana Public Broadcasting

Fant says the FBI told her it has been investigating this group of hackers, and that they probably wanted sensitive information, such as bank account or Social Security numbers.

The hackers did not attack another nonprofit, the Little Red Door Cancer Agency, which is based in Indianapolis.

Hackers published private letters

But Little Red Door doesn't keep anything like that on file, Fant says. So when it decided not to pay the ransom, the hackers posted what they did have.

"It was pretty despicable," Fant says. "We send out grief letters to families [of] clients who have passed away, and they did publish some grief letters — on Twitter."

Michael Wolfe, chief technology officer of Muncie-based software firm Ontario Systems, says organizations like Little Red Door are "only secure as your weakest link in the chain," making them susceptible to hacking.

"So you need to be prepared for what you will do if that happens," he says, "because the likelihood of that happening is increasing daily."

Wolfe volunteered to help Little Red Door secure what data they could. But they couldn't recover everything.

Fant says her staff has spent months painstakingly entering client information, from handwritten notes and manila folders piled and filed all over the office, back into their computers.

Patient advocate Diana Rinker has been cheerfully leading that effort.

"I have a month of back data to enter," she says. She hoped to finish it that day. Then, she says, "we'll be caught up on this end."

Rinker was herself diagnosed with cancer just before the hack. She says she's been on data entry duty between rounds of chemotherapy.

"It's made it a little stressful," she says. "But it's so nice when our clients come in, because we've not had one client that hasn't been understanding."

Lesson for small businesses

Little Red Door has struggled since the hack with more than just paperwork. Without all its data in hand it hasn't been able to get much of the grant funding that pays its bills.

Michael Wolfe, the software company CTO, says there's a lesson here for small nonprofits and businesses.

"Stop. Sit down with your board. ... and think through some questions about: What is your IT infrastructure? Where do you store data? What is your data?" he says. "I'm sure that there are improvements to be made that could prevent devastation."

Hackers don't discriminate, he says, and no matter how small your business or how noble your nonprofit's mission, you could be vulnerable.

Update June 19, 2017

This story has been edited to add that Cancer Services of East Central Indiana – Little Red Door is separate from the Little Red Door Cancer Agency in Indianapolis, which was not the target of a cyberattack.